ID

VAR-200312-0338


CVE

CVE-2003-1435


TITLE

PHP-Nuke modules.php remote encrypted password disclosure vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200312-119

DESCRIPTION

SQL injection vulnerability in PHP-Nuke 5.6 and 6.0 allows remote attackers to execute arbitrary SQL commands via the days parameter to the search module. PHP-Nuke, in some cases, does not sufficiently sanitize user-supplied input that is used when constructing SQL queries. As a result, attackers may supply malicious parameters to manipulate the structure and logic of SQL queries. This may result in unauthorized operations being performed on the underlying database, and the issue may be exploited to disclose sensitive information to a remote attacker. PHP-Nuke is a popular website creation and management tool that can use many database systems as a backend, such as MySQL, PostgreSQL, mSQL, Interbase and Sybase. A remote attacker may use this vulnerability to obtain the encrypted password hash of the PHP-Nuke administrator, thereby gaining administrator privileges.

Trust: 1.26

sources: NVD: CVE-2003-1435 // BID: 6887 // VULHUB: VHN-8260

AFFECTED PRODUCTS

vendor: francisco burzi, model: php-nuke, scope: eq, version: 5.6

Trust: 1.6

vendor: francisco burzi, model: php-nuke, scope: eq, version: 6.0

Trust: 1.6

vendor: francisco, model: burzi php-nuke, scope: eq, version: 6.0

Trust: 0.3

vendor: francisco, model: burzi php-nuke, scope: eq, version: 5.6

Trust: 0.3

sources: BID: 6887 // CNNVD: CNNVD-200312-119 // NVD: CVE-2003-1435

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2003-1435
value: HIGH

Trust: 1.0

CNNVD: CNNVD-200312-119
value: HIGH

Trust: 0.6

VULHUB: VHN-8260
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2003-1435
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-8260
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-8260 // CNNVD: CNNVD-200312-119 // NVD: CVE-2003-1435

PROBLEMTYPE DATA

problemtype: CWE-89

Trust: 1.1

sources: VULHUB: VHN-8260 // NVD: CVE-2003-1435

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200312-119

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-200312-119

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-8260

EXTERNAL IDS

db: BID, id: 6887

Trust: 2.0

db: NVD, id: CVE-2003-1435

Trust: 1.7

db: CNNVD, id: CNNVD-200312-119

Trust: 0.7

db: BUGTRAQ, id: 20030220 PHPNUKE SQL INJECTION

Trust: 0.6

db: NSFOCUS, id: 4444

Trust: 0.6

db: XF, id: 11375

Trust: 0.6

db: EXPLOIT-DB, id: 22266

Trust: 0.1

db: SEEBUG, id: SSVID-76075

Trust: 0.1

db: VULHUB, id: VHN-8260

Trust: 0.1

sources: VULHUB: VHN-8260 // BID: 6887 // CNNVD: CNNVD-200312-119 // NVD: CVE-2003-1435

REFERENCES

url: http://www.securityfocus.com/bid/6887

Trust: 1.7

url: http://archives.neohapsis.com/archives/bugtraq/2003-02/0246.html

Trust: 1.7

url: https://exchange.xforce.ibmcloud.com/vulnerabilities/11375

Trust: 1.1

url: http://xforce.iss.net/xforce/xfdb/11375

Trust: 0.6

url: http://www.nsfocus.net/vulndb/4444

Trust: 0.6

url: http://www.irannuke.com/

Trust: 0.3

url: http://www.cgishield.com/?target=advisory&id=7

Trust: 0.3

sources: VULHUB: VHN-8260 // BID: 6887 // CNNVD: CNNVD-200312-119 // NVD: CVE-2003-1435

CREDITS

David Zentner (david@cgishield.com)

Trust: 0.6

sources: CNNVD: CNNVD-200312-119

SOURCES

db: VULHUB, id: VHN-8260
db: BID, id: 6887
db: CNNVD, id: CNNVD-200312-119
db: NVD, id: CVE-2003-1435

LAST UPDATE DATE

2024-08-14T14:48:11.888000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-8260, date: 2017-07-29T00:00:00
db: BID, id: 6887, date: 2003-02-19T00:00:00
db: CNNVD, id: CNNVD-200312-119, date: 2012-12-07T00:00:00
db: NVD, id: CVE-2003-1435, date: 2017-07-29T01:29:11.547

SOURCES RELEASE DATE

db: VULHUB, id: VHN-8260, date: 2003-12-31T00:00:00
db: BID, id: 6887, date: 2003-02-19T00:00:00
db: CNNVD, id: CNNVD-200312-119, date: 2003-02-27T00:00:00
db: NVD, id: CVE-2003-1435, date: 2003-12-31T05:00:00